Security Basics mailing list archives

Re: Host IPS -vs- Network IPS? Do we need both?


From: "adeel hussain" <ad33lh () gmail com>
Date: Thu, 4 Dec 2008 14:59:13 -0500

Hello,

It all comes down to perimeters and risk.  Do you have remote or
traveling workers?  If so, they will often be outside the protection
provided by your enterprise NIPS, and HIPS would be better.  So if you
have to choose then look at your environment and select the most
secure, least cost/overhead option.

As for alternatives such as file integrity checkers and AV... nothing
gets it all and each addition is an improvement.  You must weigh the
cost in purchase, support and performance against the benefit gained
and the workforce's willingness to "put up with" any performance hits.
Typically file integrity checkers can only be used with specific
system files and will not prevent or detect viruses that do not target
those files (providing a false sense of security).  AV, even regularly
updated, will not catch everything and all variants, but your best bet
is one that is, or includes, heuristic detection to improve the chance
of it catching hostile code that it does not have specific definitions
for.

Hope this helps.

Adeel

On Wed, Dec 3, 2008 at 11:48 AM,  <lister () lihim org> wrote:
Some IPS vendors do not offer a Host IPS solution.

Is there really a need for Host IPS if you already have Network IPS covering
the same network area?  What about if you already have other solutions on the
host (i.e. file integrity)?

The overhead associated with Host IPS is very high (manage agent installs,
kernel module conflicts, etc).  Just curious if Host IDS is worth it if
the same coverage is provided with a Network IDS.
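
The coverage gap described in the reply above (a file integrity checker only sees the files on its watch list), shown as an added example that is not part of the original thread. The directory layout, file names and contents are constructed for the demonstration, and the checker is a minimal hash-baseline sketch, not any specific product.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def hash_files(paths):
    """Map each existing file path to its SHA-256 digest."""
    return {str(p): sha256_of(p) for p in paths if Path(p).is_file()}


def changed(before, after):
    """Paths that were added, removed or modified between two hash maps."""
    return {p for p in before.keys() | after.keys() if before.get(p) != after.get(p)}


def demo():
    """Constructed scenario: watched 'system' files plus an unwatched user area."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        system, home = root / "system", root / "home"
        system.mkdir()
        home.mkdir()
        (system / "login.bin").write_bytes(b"original login binary")
        (system / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (home / "report.doc").write_bytes(b"quarterly numbers")

        watch_list = [system / "login.bin", system / "hosts"]  # checker's scope
        watched_before = hash_files(watch_list)
        all_before = hash_files(root.rglob("*"))  # ground truth for comparison

        # One change inside the watch list, two outside it.
        (system / "hosts").write_bytes(b"127.0.0.1 localhost\n10.0.0.5 intranet\n")
        (home / "report.doc").write_bytes(b"quarterly numbers (altered)")
        (home / "new_tool.bin").write_bytes(b"unreviewed executable")

        reported = changed(watched_before, hash_files(watch_list))
        actual = changed(all_before, hash_files(root.rglob("*")))
        rel = lambda paths: sorted(Path(p).relative_to(root).as_posix() for p in paths)
        return rel(reported), rel(actual - reported)


if __name__ == "__main__":
    reported, missed = demo()
    print("checker reported:", reported)
    print("changed but outside the watch list:", missed)
```

The checker's report is accurate for its scope and silent about everything else, which is why the watch list itself needs review alongside the alerts.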


